Thursday, January 6, 2011

Playing with Kismet clients

Since there was a request on the Kismet forum for a way to log to SQL, and since Rick has been bugging me for some time about doing a NIC shootout plugin to compare sniffing performance of various cards, I decided it was time to do some more Kismet client work to serve as examples.

Found in the ruby/ directory of the source, kismet.rb provides a dead simple way to interact with the Kismet server by subscribing to sentences and issuing commands, both with optional callbacks for command completion.

Logging data to SQL is as simple as opening a database with SQLite, converting the BSSID to a 64bit integer for fast comparison as the primary key, and inserting or updating rows depending on if the data was already present.  The current example code logs only a few fields, patches welcome for more complete logging.

The NIC Shootout code requires a little more work - namely, taking interfaces provided by the user and finding the source UUID by subscribing to the *SOURCE sentence, ordering cards to lock channel via the HOPSOURCE command, and maintaining enough state to know that all the selected sources have updated (since Kismet sends a *SOURCE sentence per capture source) and printing out the output.  Including 'pretty' output which updates a single screen instead of printing a line per output, the whole script weighs in at just around 300 lines.

Hopefully the additional examples of using the Ruby API will inspire people to develop more utility clients for Kismet.

A small bit of ruby later:

dragorn@drd1812 ~/src/kismet/ruby $ ./kismet_shootout.rb --pretty wlan0 wlan1 wlan3

INFO: Kismet NIC Shootout
      Compare capture performance of multiple NICs

INFO: Connecting to Kismet server on localhost:2501
INFO: Testing sources wlan1, wlan3, wlan0 on channel 6
INFO: Found card UUID d46ae184-19af-11e0-9749-6404941be201 for wlan0
INFO: Found card UUID e5a10428-19ce-11e0-9749-0d04111be301 for wlan1
INFO: Found card UUID 0b27d438-19cf-11e0-9749-0f04131be501 for wlan3
INFO: Locking wlan1, wlan3, wlan0 to channel 6
INFO: Waiting for sources to settle on channel...

           PPS    Total Pcnt  Total
   wlan3    22     2001  59%
   wlan1    21     2112  62%
   wlan0    38     3372 100%
                                 81

[Edit - Updated to reflect new arguments to shootout]
Posted by at

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)